I don't see a security issue here at all. Of course, if you don't allow a remote connection you will be safer, but only that: "a little safer". There isn't a single server in the world that can be tight enough unless you unplug it from the switch. What I would not do is allow a remote connection from any IP; I would limit it to one IP or to a class C at most.
This would be as simple as running a command like this:
mysql> grant insert, update, delete, select on database_name.* to database_user@'192.168.1.1' identified by 'password';
I don't really know if this would work though because we had problems configuring this a while ago. I think it has to do with the CPanel/WHM/Portsentry setup, but in theory it should work. You should be able to find a host that can do this for you.
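As an added example that is not part of the original post: the same restriction written for a MySQL 8.0 server, where GRANT no longer accepts IDENTIFIED BY, widened to the class C the post mentions, followed by a query that lists accounts reachable through a wildcard host. The database and user names are the post's; the 192.168.1.% range is derived from its single address and the password is a placeholder.

```sql
-- Added example. database_name and database_user come from the post;
-- the password below is a placeholder, not a real credential.

-- Create the account bound to the class C (/24) network only.
-- In a host pattern, % matches any run of characters, so
-- '192.168.1.%' covers 192.168.1.0 through 192.168.1.255.
CREATE USER 'database_user'@'192.168.1.%'
  IDENTIFIED BY 'replace-with-strong-password';

-- Same four privileges as in the post, scoped to one database.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON database_name.*
  TO 'database_user'@'192.168.1.%';

-- Confirm what the account actually received.
SHOW GRANTS FOR 'database_user'@'192.168.1.%';

-- Audit: list every account whose host part contains a wildcard.
-- any_host = 1 marks accounts that can connect from any address,
-- which is the case the post advises against.
SELECT user,
       host,
       (host = '%') AS any_host
  FROM mysql.user
 WHERE LOCATE('%', host) > 0
 ORDER BY any_host DESC, user;
```

The grant only controls which client addresses MySQL will authenticate; the server still has to listen on a reachable interface and the host firewall has to pass the port for the connection to arrive at all.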
